Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

wiredmikey writes "Now that the last IPv4 address blocks have been allocated, it's expected to take several months for regional registries to consume all of their remaining regional IPv4 address pool. The IPv6 Forum, a group with the mission to educate and promote the new protocol, says that enabling IPv6 in all ICT environments is not the endgame, but is now a critical requirement for continuity in all Internet business and services. Experts believe that the move to IPv6 should be a board-level risk management concern, equivalent to the Y2K problem or Sarbanes-Oxley compliance. During the late 1990s, technology companies worldwide scoured their source code for places where critical algorithms assumed a two-digit date. This seemingly trivial software development issue was of global concern, so many companies made Y2K compliance a strategic initiative. The transition to IPv6 is of similar importance. If you think you can ignore IPv6, think again."

As I type this in a Starbucks on an AT&T wifi node, DHCP issues both a v4 AND a v6 address.. I've tried to connect to some of the test places via v6, but as of this moment, no joy.. Now if I could just get my home isp to make the jump (Cox)....

Even if the cable companies switchover...will it make any difference to the general home user..their cable modem gets the Ipv6 connection, likely goes to a wireless rounter ipv6...but with everything already NAT'ed...people's stuff on internal networks won't really need to change anything....will they?

wow..just..wow. You really don't know the criticality of this or the momentum moving through ISPs, do you?

Decade my ass.

It sure doesn't seem all that critical if you go by their actions.

Most haven't even started moving to ipv6, and those who have are doing so rather methodically.Most of them appear to have all the address space they need at the moment, and are heavily nat-ed on their internal networks. Most customers don't care, because they don't need inbound connections.

Most cable/DSL providers still have not even started rolling out modem replacements (mine can't handle ipv6 per the spec sheet).

If you ask them questions about their modems like...Do they plan firmware upgrades, or total replacements of the modems?Will I be limited to a small number of world route-able ip6 addresses? (and therefore still need nat)Will they handle 6-to-4 in the modem?etcetc... You get nothing but blank stares.

Panic hasn't set in. Static IP prices haven't started to rise. Nobody other than Comcast even want's to discuss the issue.

Yeh, it's comments like this that have caused the problem we're in. Lack of preparedness is going to cause massive problems with the switch over. Just today I asked what I can do to prepare for this with my ISP. They were quite helpful and asked if I would like to be converted today (in fact, they encouraged I do). I'm spending a bit of time doing some testing at home to ensure that my IPv6 network functions the way I want it to before being converted and to ensure that I understand all of the ins and outs.

Even if you switch to a pubic IPv6 address, all your internal stuff will still be IPv4. My home print server and IP telephony adapter are all IPv4. The problem with IPv6 is that you can't entirely switch to it and just shut down IPv4. You have to run dualstack for the foreseeable future. That's why every IT consultant and IT manager and CIO I've spoken to says they don't give a crap about IPv6 because every adopter of IPv6 will have to be backward compatible with IPv4 so why bother running dual stack. Even after all the addresses are assigned, not a single IPv4 device or network will stop working.

The choice is between IPv4 single-stack or IPv4/IPv6 dual-stack. Given those as the only choices, people are choosing the former instead of the latter. There is no possibility of running IPv6 single-stack. IPv6 will essentially become the new "private IP addresses" that have to translate to "public" IPv4 addresses used by 99% of the IP devices in the world. The only difference is that IPv6 devices will be able to talk to each other without a NAT across organizations.

I think you have those backwards.. IPv4 will continue to be used with LANs and VPNs for just the sofyware you mentioned with NAT gateways for IPv4 remote services over IPv6. And IPv6 will become ever more important publicly.

It's not quite yet the time to retrofit IPv6 everywhere, but it is definitely time to build support into your new development requirements.

Just like y2k, if you coded software that used 2 digit date fields in 1995, you had only yourself to blame for needing to rush around in 1999.

And just like in y2k, after we get IPv6 everywhere and nothing blows up, we'll be blamed for running a con job just like in y2k. "Sheesh, nothing happened, and we spent all that money on getting you to fix a non-problem!"

ISPs won't support it until customers demand it. This requires government action: use stimulus money to make free porno available to all over IPv6 only. And not just any porno: the kinkiest, highest-resolution, full-length nastiness the Feds can commission.

Yea, I'm waiting for my ISP to offer it too, so I can start experimenting with it. I won't use any of the tunneling services because I have a fast connection, so routing the packets trough a longer path than necessary (and this is what would hapen if my Pc decided to use IPv6 instead of v4 to connect to a server that supports both) will reduce my bandwidth, also, I doubt that any of those tunneling services would offer me 80mbps up/down for free.

That's just it, nobody offers NATv6 because it *shouldn't* be needed. instead you use a real firewall and you get the same protect you got with NAT but with an ip for every computer. if you don't like the idea of having a globally route-able address for every computer turn on the privacy extensions and then your ip will change so that the addresses are useless to anyone else. As it is, people are used to having a "router" to connect multiple computers and have wireless already. this device would change

Of course they are. But this only allows one network (as networks are always/64). If I want to have three networks (servers on one network, clients on another network, and my lightswitches and fridges on a third network) I will simply be able to do this. And IPv6 allows it. And because there is enough space overall, it is efficient for routing allocations to already now give enough space to everyone so that in the case of growth of an individual enduser, two or more separate entries in a routing table can be avoided.

There are some ISPs that are starting off with just a single/64 (e.g. Comcast's trial), because they've got some equipment or management software that's not bright enough to handle more complex routing than that, but the general consensus is that businesses should get/48 and residences should get at least/56. That not only allows for a couple of subnets (e.g. wired, wireless, uplink, DMZ), but it also lets you use relatively dumb routers that handle subnets by cutting their address space in 2-4 pieces, and you can stack a couple of those.

I have heard of one ISP that's only allocating a/60 for residences, but IPv6 has enough address space that most people think it's worthwhile wasting some of it to get addresses aligned on byte boundaries and not mess with nibble-aligned, much less single-bit-aligned.

I must admit, when I first heard about the idea to give/56 or/48 to everyone, it seemed ridiculous. I suspect most people don't have more than one subnet - but since there are about 8 million times as many/56s as there are people on Earth, maybe giving a/56 to everyone isn't so daft after all.

IIRC, the IPv6 policy is that unicast is only 2000::/3 for now - if we fill that, the allocation policy will be reassessed to be less generous. Hopefully they've been clear enough that other addresses are *not* in

If it was ten years ago, that would be true. I remember the time when many ISPs forbade the use of NAT entirely, as they believed people with more than one computer should pay more. But today, that wouldn't work, and I think all ISPs are sensible enough to know it - too many households have multible computers, plus games consoles, internet-connected TVs and so on. Those customers arn't going to stand for paying extra per device unless they have absolutly no other option, and even then they are going to comp

I could see the move to IPV6 as an excuse for ISPs to charge per device for a while.

So the only ones paying the price will be the bold early adopters, the ones who take the cataclysmic tone of editors like this article's seriously.

Thanks, but no thanks. I'll turn on IPv6 as default protocol when every single route to every single address I use more than once a month is full-path IPv6, no tunneling, no NAT, and my service provider doesn't see each v6 addressed issued as a new cash cow^w^wsubscriber charge.

Look, you're getting a subnet that's big enough for just about anything you can imagine doing at home, not just the things you can actually figure out how to do. If you're like to split your/56 into 256 different subnets and do different things on them, go ahead. You can do that without breaking the end-to-end principle.

NAT breaks stuff right and left today, for two main reasons- lots of protocols, including FTP and newer protocols, put the IP address inside the data packets, not just in the packet headers, and doing NAT properly requires ripping the packets apart, changing the addresses, and fixing up any checksums that got damaged in the process. It's even worse if you've got protocols that use crypto, either for information hiding or just simply for authentication. It's very hard to get them right, especially if people design protocols the firewall doesn't know about.- stateful NAT makes it hard to establish connections through the firewall. Sometimes this is intentional, blocking unwanted connections for security reasons, but if two people behind NAT want to communicate, neither one can talk until the other one has talked to them first. There are products like Skype that are popular because they go to a lot of trouble to work around the different broken NAT implementations out there.

Putting a firewall box in front of your computers isn't a bad thing - you just need one that's IPv6-aware instead of IPv4-only. You're not getting the security from NAT, you're getting security from having a stateful packet inspection box in front of your computer, and that's not going to change. If you want to offload packet inspection from your 2GHz CPU down to your 200 MHz SOC-based firewall, go ahead; about a quarter century ago, Van Jacobson figured out how to tune the BSD TCP/IP stack so you could do wire-speed file transfer on 10 Mbps Ethernets using a Sun 3/60, so you should have plenty of spare CPU horsepower left to inspect your packets.

There's no particularly good reason for your computer to look like a single computer to anybody outside your network, and simple address-munging isn't enough to solve the problem. My laptop has different addresses depending on where it's plugged in, home, work, coffeeshop, etc., and the address isn't enough to tell them anything definite. When I'm at work, I occasionally have trouble reaching sites because many other users behind my corporate firewall are accessing them at the same time, so they want me to do a CAPTCHA to verify I'm not a bot abusing their system. However, if anybody does want to track your address, with IPv 6 they'll probably do it by tracking your/56 or/48. Also, there's the IPv6 address privacy mode, which lets your computer use a different host-part address on every connection, so it's not using the same MAC address every time.

But a lot of protocols in use today (peer-to-peer filesharing, VOIP, VPN, etc.) have had horrible kludges built into them to ensure that they can break through NAT and still work.

Breaking trough NAT without port forwarding - sure. The only reason why the protocol might not work with NAT with port forwarding is if it for some reason does not trust the header of the packet and adds a copy of the IP address in the data section (like ftp does).

So make your router (or other box) explicitly do port forwarding and/or load-balancing; it's effectively what you're using NAT for here and would likely be more flexible.

So, I can make a packet destined to 1::2 port 80 (hmm, with IPv4 I can write 1.2.3.4:80, is some other symbol used for marking the port number? 1::2:3:4:80 could be confusing?) actually go to 1::3 port 80? Great - it means I can still publish only

That's not the only reason. IPsec, for instance, has to be wrapped inside UDP (called IPsec NAT-T) to break through NATs since IPsec was designed to be run directly on top of IP, where there is no concept of ports to forward! Any attempt to go beyond TCP and UDP runs horribly afoul of NATs.

Or I can forward whatever protocol number to my VPN server. The fact that NAT is possible does not mean that I have to limit yourself to one external IP. If I have two VPN servers I can use two external IPs for them.

Simple inbound port forwarding doesn't need to be implemented as some fancy stack-level kernel feature like NAT; you just need a process listening on a port that, upon accepting, makes a connection to another IP and port and copies the data in both directions.

Which means that the server will see a lot of connections coming from the router (or whatever does the port forwarding) and will not see the actual IPs of the clients. Which makes this less useful than NAT.

It's likely a fair amount of NAT-like behavior will be written for IPv6 to support implementing transparent proxies, which do have to happen at the stack level.

Oh yea, I forgot transparent proxies. Thanks for reminding me:)

I just want the amount of NATted traffic on the Internet at large to be on the opposite end of the bell curve than it is now, since with IPv6 it will be unnecessary to "share an Internet connection" in the same way as IPv4.

IPsec AH headers protect the integrity of the source and destination IP addresses (by design), so if those are modified in any way by NAT things will break.

Now that i went and read about it in Wikipedia, it seems we were both right - IPSec Transport mode does not support NAT (and needs NAT-T), while Tunnel mode (which is used for VPNs) supports NAT.

Anyway, you are clearly okay with NAT's limitations.

The only limitations of NAT that I see are those that stem from the fact that I only have one external IP (so I absolutely have to use NAT for everything). If that limit is lifted, NAT would have no problems, or rather, if you do not like it, you would not have to use it. Why would it be bad for you if I use it to m

Some servers track your IP when you log in. If your IP changes you might have to log in again. What if I want to be logged in from two computers?

Also, if I, say, have two servers that provide similar, but different services, I might want to make them appear as a single server that has a single DNS name. connecting to example.com at port 80 (http) would connect you to one server, but connecting to port 21 (ftp) would connect you to another server and there would be no need for www.example.com and ftp.example

There are always so many people saying they want NAT, but if addresses are plentiful then it serves absolutely no purpose. I think that most people who see it as necessary are confusing its function with a firewall. You do not need NAT to do the same things your home router does today. You can still block all incoming connections to a computer and allow all outgoing connections. You can still allow specific ports to be opened to specific machines.

Using a public address on your internal network doesn't automatically mean that you need to just allow any traffic in. Use a firewall to "stealth" every port and there will continue to be no evidence that you have a computer there.

The idea that NAT will go away just because a network is IPv6 is a pipe dream. No sane security admin would ever allow that. The idea that the firewall is the only thing between you and the outside world is, and should be, a non starter.

IT security is all about multiple layers, and one of them is the fact that you have a DMZ between you and the internet, and that the internet can't route outside of it. That is not going anywhere.

Look, I don't want to be disrespectful to you as a person, but your understanding of network security is... limited. What the fuck does having a DMZ have to do with NAT? It's true that NAT is how the most common way to configure a segregated v4 network, but if you think that NAT is the only (or even the best) way to handle this, you're sorely mistaken.

This may strike you as heresy, but you can construct your network with public-facing addresses, a DMZ and a network of addresses inaccessible from the outside world (except under prescribed circumstances)... all using public IPv6 addresses. The secret is... wait for it... don't fucking route to them, except when you decide it's okay.

The simplest way to do this would be simply to refuse connections originating from outside your network for a designated subnet. Hey presto! All the benefits of NAT without the insanity of NAT!

My employer, a university with campuses in 12 countries, does this already with a public IPv4 block. Last I checked, it was working just fine, thank you very much.

Which is all very well and good, but that requires that everyday people learn how to configure routers to do that. Guess what? That ain't gonna happen. People want a plug-and-play solution, not one where they have to learn crap they don't care about when all they want to do is read email or browse the web.

He's right - NAT has useful functionality beyond just the "security" aspects.

The IPv6 internet model still only allows provider-independent addressing if you're a member of your regional NIC (with all the associated bits and pieces, like ASNs etc)

NAT is the only sane way to give your network provider independence under this system. If you're forced to renumber your network when changing ISPs, it's a real pain in the neck. Also - what if you want to do redundant internet connections? With IPv4 NAT you just set up the NATing firewall to have two connections with the same priority, enable stateful tracking, and away you go. That's flat out impossible with directly addressed IPv6 - every device would need two IP's (one for each provider subnet), and you'd need to manually configure each device to spit out some traffic with one source IP and other traffic with another source IP.

Additionally, NAT lets you do some useful stuff, like providing multiple services on multiple back-end machines via a single IP (which would of course correspond to a DNS record). For example, providing a "mail.example.com" address which provides POP3, IMAP, Webmail and SMTP submission service - POP3 and IMAP going to the mailstore machine, Webmail to a webserver and SMTP to an MX machine, without needing to configure slow port proxy services which lose valuable information (such as the source IP for connections)

ULA's aren't supposed to be routeable. That means you've got some of the problems of NAT (multiple address spaces) without its solutions (rewriting packet addresses)

Yes, you can assign multiple IPs per machine. You can do that with IPv4 too. It's an administrative nightmare generally. This will get especially bad if you've got a network with some services accessed by ULA and others by global address on Provider A's range, and yet more by global address on Provider B's range.

There are other ways to find the machines on your subnet besides scanning, though it is nice that scanning will become harder. If you've got a known brand of ethernet card, there are only 24 bits worth of possible MAC addresses, and what's 16 million scanning packets between friends? Multicast works by default, though your firewall might block it, and they can still do phishing to get you to go to their web page so they can get your address. (IPv6 address privacy mode is a Good Thing, though corporate ne

There are *many* 6 year old Cisco routers and switches out there that are still covered under support contracts that won't be getting IPv6 support as they have been End-of-Life'd.
Consider for a moment that many of these same ISPs are the ones who elect to throttle their users to 256Kbps if they go above their 5GB monthly usage limit.
Smaller ISPs are already going in and double-natting their customers as well to further over-subscribe their network and get by with less.
Home ISPs will likely continue ignoring this problem for years to come, until the eventual hardware swaps enables them to support IPv6 and then have a reason to start billing their customers more for "now with public IPs to improve your gaming performance".

The amount of *new* networking kit and software that still doesn't support IPv6 is frankly depressing. Microsoft's Forefront TMG (Their ISA replacement), for example, requires Server 2008/2008 R2 (which have full IPv6 support out of the box) but doesn't actually support IPv6 routing itself and it's only ~1 year old.

With Cisco, End-of-Life and End-of-Support are two wildly different things...
To Cisco, End-of-Life means "no more updates", while End-of-Support means "you can call us up for help, and we will provide you with a replacement unit if yours fails".
End-of-Support is typically 5 years after the End-of-Life announcement, however there are the random exceptions like their VPN Concentrators.

A massive undertaking by programmers worldwide in order to prevent a catastrophic meltdown. Completed just in time in a way that's transparent to the rest of the world, making it seem like no big deal.

I really wouldn't go into board rooms and mention Y2K. The general public seems to think that there was nothing there and it was just a big hoax. I'm sure all of you have encountered this recently too. A few times recently I had to correct people who said something like "That Y2K thing was no big deal". My answer to them was "It was no big deal because people worked for 5-10 years to fix it, otherwise it would have been a big deal". But you all know that.

But if you want to be dismissed as a panic monger, bring up Y2K, otherwise, don't.

The nice part is, unlike Y2K, is that there's no hard drop-dead date by which all work has to be done and all of a sudden there's a bunch of folks laid off. IPv4 can be a looming threat for years to come! Huzzah!

Yep, it's a mess. But migration is still critical. The fact its a mess just means that it's that much harder to do right. Maybe if people hadn't been putting their fingers in their ears and shouting "NAT NAT NAT!" for the past 5 years, it wouldn't be such a mess now.

Well, that's a position I've never heard. The messiness of the transition is, well, yes a mess, but that does mean that more techies will make more money to fix it all up. It will get all fixed up one way or another, but it will cost a hell of a lot more.

I don't agree at all with this article. The author claims that IPv6 should have been designed as an extension to IPv4 so that IPv4 and IPv6 hosts can communicate with each other directly. This is fundamentally impossible. The IPv4 host can only send packets to IP addresses with 32 bit. Any longer number is not understood by the IPv4 host. In order to make this work, the IP stack of every IPv4 host would need to be updated. Guess what has to be done to have IPv4 and IPv6 dual stack? The IP stack of every IPv4 host needs to be updated!

You're talking apples and oranges. Most of your comment simply doesn't make sense.

In order for IPv4 to be compatible with IPv6, ALL IPv4 stacks would require updates and still have all of the IPv4 flaws and problems and limitations - like addressing. Or, with the same hassle, you can update to IPv6, get superior addressing, lots of additional benefits, AND backward compatibility via either dual stack (IPv4+IPv6) or technology such as NAT64 [wikipedia.org] and DNS64 [wikipedia.org].

Yes, this would have been a whole lot easier if IPv4 addresses like: 76.33.45.121 became 0::76:33:45:121, for instance. Then everyone could easily do IPv6 passthrough. What were these people thinking that created IPv6?

As a network admin i ABSOLUTELY agree with the first article. IPv6 is going to down in all of history as the greatest disaster in IT. I can barely speak to another admin who isnt loosing hair over this.

Reading DJB's screed just makes me sad for the man. He literally expects any IPv6 implementation plan to entail a "magic moment" where literally everyone starts using IPv6 end-to-end, simultaneously. This is the kind of "informed" stance I'd expect out of a libertarian claiming we can eliminate the income tax entirely, but not from an expert who should appreciate the absurdity of such an expectation.

Do we really need to have 3 ipv6 article a week on slashdot. I believe every single slashdotter knows and understands what the problem is about. So I suggest the editors to skip all the articles about "how my god we need to move to ipv6 FAST",

Yes. These submissions link to articles that we can cite when attempting to convince our PHBs or CxOs that yes, we do indeed need to budget for the ipv6 migration, and no, we can't wait a couple years to get the ball rolling.

Just wait until "ipv6 conversion specialists" are charging you $450 an hour to make sure your business is not floundering because you ignored the problem until it was an emergency.

I finally found the group responsible for IPv6 at my company, and asked about our readiness. now keep in mind, we don't need to wait for an upstream provider as we are the upstream provider, with many peering agreements in place.

Good that there are providers that I can switch to when I need to use IPv6 that are better prepared than your company. I really think that having a working and well-tested IPv6 offering - ideally IPv4/IPv6 dual stack or dual stack Lite if there are no more IPv4 addresses - will be a competitive advantage.

For competition in our area there is one other large company, their publicly stated IPv6 policies are actually worse than ours (which is quite the feat to be honest!) and a handful of small ISPs reselling our lines and using us as an upstream provider... they don't have much choice in the matter.

is when desperate (or "innovating") ISPs decide to jack up the rates on static blocks. Companies that have a static/24 will see the rate to lease that block double overnight. Then if you're only REALLY using a few dozen of them, giving some of that back is going to look really attractive. Did I say double? how about x16? if you can live with 29 usable instead of 253 I bet that's an offer many can't refuse.

I've got a block of 8 myself (5 usable naturally) so I think I'm safe from the vultures for awhil

When the final set of 8's were handed out I got in contact with my ISP and this is what they said

Qwest has taken care of the IPv4 exhaust issue for our residential customers at the ISP level. We are implementing the capability to communicate with contacts at both IPv4 and IPv6 addresses. This transition will be transparent to Qwest residential and business customers.

I'm not sure if the transition can actually be transparent since at a minimum I'll have to do something with my TCP/IP so it knows that IP6 is there, and from the looks of it my Modem doesn't support it ether without maybe a firmware upgrade.

IP has no concept of "ports". Aside from the fact that you didn't split the port space evenly, you clearly have no concept of how IP and networking works. And even if this is a serious suggestion, and could possibly be implemented, it would be at least as much (if not more) work than implementing IPv6 *anyway*.

Major ISP's are just now getting the ball rolling. Client software is still being perfected. The bridges for early adopters are known to be flakey. Talk to the people working on that stuff (oh, wait, you don't need to, they're already underway).

Most readers here will move along when the infrastructure is ready. We know the address space is effectively out but there's little reason to do much at this point, and anybody trying to push people to adopt IPv6 before the tools are robust is kidding themselves.

At least before home users can care, is a good 4 to 6 translation system. What I mean is let's say your ISP goes IPv6 and your cable modem gets just an IPv6 address. If you have a newer computer (Vista or newer, newer OS-X releases, etc) it'll just work. It can have its own public IPv6 address and everything is great.

However, what do you do about older stuff? I'm not just talking older computers, which possibly could be upgraded, but I'm talking older devices, which can't. My AV receiver is a networked devi

That's called NAT-PT and I've just had a huge flamewar about it on the last IPv6 article. Basically, all the v6 geeks here hate NAT and think nobody should be allowed to have such a thing. Hence, the RFC has been deprecated and nobody is even trying to implement it.

... the one where by far most of the people, even if you go just to the IT ones, ignores even what is IPv6. How many isps or carriers now are giving ipv6 as an option? Probably the most common policy now is "lets wait till everyone else already took the first step before moving a finger" (later it will be "let all scream and run in circles")

The big mistake was not making mobile IP devices IPv6 from the beginning. Even if they had to go through a NAT at the telco. Most of the growth is in mobile devices.

Fortunately, most mobile devices respond to updates pushed from the carrier. So mobile carriers need to be encouraged to implement that transition. Carriers are in a good position for this, since they control both ends of the air link. Some of this must be happening already.

Facebook, 4chan, digg, slashdot, reddit, and redtube make their sites accessible by ipv6 only (and not through v4 to v6 tunnels.)They take a hit in traffic for a little while, two weeks later, every ISP is giving out ipv6 addresses and every ancient router and pc is upgraded.:)

Yup. And realistically, although its not something to be proud of, there's too much money for everyone in continuing to work with IPv4 addresses for years now to force anyone over the wall to IPv6 only.

Its probably going to come down from on high - want any new routable IPs? Your ISP will force you to be fully v6 compatible. Why? Because their upstream is doing the same to them...

In the next 6-24 months though, expect a remarkable amount of horse-trading of large IPv4 blocks.

for my damn IP numbers! I am not falling victim to this left-wing liberal conspiracy to artifially inflate the price of my IP numbers, the fuel of my business! There is no such thing as a global shorting of IP numbers, the scientific evidence is completely subjective and there is no hard evidence whatsoever, no measurements, of a global shorting of IP numbers . Everyone that needs one has an IP number, and there are plenty more. I myself have 192,168,000,023 IP numbers for use just here in my company. This in nothing but a left wing media conspiracy against the working people to take away our god-given constitutional right to IP numbers in black helicopters.

If you completely ignore it, isn't it likely you'll continue on with no adverse effects? I thought VP4 would continue to work with no tweaking necessary, as long as you're not using broken equipment.

But we all buy and acquire equipment. Getting a wireless router for your home, maybe you should check the specs a bit more closely now. Buying a set top DVR? You might want to do the same. Trying to decide if your old computer needs an OS update? Some will never have IPv6 support.

For end users these are concerns that could bite them down the road. For corporations, these are the kind of acquisition failures that will cost millions down the road.

they created an entirely new and huge problem (destroying
SIOCGIFCONF backwards compat hurt IPV6 deployment in operating
systems on a massive scale) by not making their sockaddr be
a power of 2 in size.

I still haven't heard anyone explain why that is so catastrophically bad. It may be, but in practice, I haven't seen how this afflicts me.

Now I will complain that they changed some fundamentals around DHCP (DHCP at all being a near afterthought as they magically thought route advertisement, stateless addressing, and mDNS would be the cure for *EVERYTHING*). However, most of it is probably going to fall into place as soon as more practical deployments start (currently, most v6 trials that end in failure cause people to just walk away from now instead of trying to push fixes.

Your first link dates from 2003, and therefore I cannot do anything but ignore it. Especially since you don't specify what part you're aiming at...
As to what your other link is concerned, Theo de Raadt usually knows what he's talking about, but, he also likes to troll anybody he doesn't like. His post basically says that he doesn't like implementing an arp alternative. His other point simply means it may be a bit more difficult if you assumed all socket addresses would only ever be to the power of 2. That

Everything has mistakes built in. But DJB's article (aside from being 9 years old) simply boils down to "but who will implement it if it's not widely implemented?" The whole point of implementing it is that it'll get more widely used. That OpenBSD mailing list message was marginally more interesting, but boiled down to "it messes up my struct!"

I don't understand all the IPv6 hatred. IPv4 is not tenable (which can't really be argued otherwise), and even somehow extending the current address space would break

What's wrong with comparing it to the Y2K bug? Oh, yeah, that's right, the Y2K bug was actually fixed in a timely fashion and the vast, vast majority of computers were ready for new years' day, 2000. Whereas IPv6 isn't comparable because people are listening and starting to implement change.

Also, there's no real 'hard-and-fast' deadline like there was with the Y2K bug - exhaustion of IPv4 address space won't cause the Internet to suddenly collapse - it will just begin to cause g

How are we supposed to roll out IPv6 without NAT? Can someone explain, and without RANTING about how NAT is unnecessary?

Think about it. Let's say I set up my company with link local addresses. IPv6 forbids NAT on routers and firewalls. So how are my hosts going to talk to the Internet? Specifically, if I have a link local address of fe80::/10. That's not going to be routable from the Internet. TCP is two-way traffic, so the servers need a return route to me. How is this accomplished with NAT?

NAT is necessary so the ISP can send traffic back to my summarized address. I don't understand how this works when they forbid NAT. Someone please kindly explain how that works.

Sorry to rant at you and not answer your question.

Have we stopped learning/teaching about routing, forwarding and firewalls because the magic NAT box does all of that for us? This is a sad state for the world of networking that such a question must be asked.. repeatedly... by people who should know better.

How are we supposed to roll out IPv6 without NAT? Can someone explain, and without RANTING about how NAT is unnecessary?

Ok, not a word about NAT.

Think about it.

I am thinking.

Let's say I set up my company with link local addresses.

You will not. Link local address is something every IPv6 interface has. You can use to communicate with other hosts on the same ethernet segment. You can not use it for communicating with the internet at large.

IPv6 forbids NAT on routers and firewalls.

It does no such thing. However nobody has bothered implementing NAT (sorry I said the word) on IPv6. I am sure someday somebody will but few will use it.

So how are my hosts going to talk to the Internet?

The minimum subnet size an ISP can assign to a customer is a/64 giving you 2^64 unique IP addresses you can distribute among your computers. In fact, your computers will pick up the prefix (the first 64 bit) from the router and then select the last 64 bit automatically. You will not have to do anything, it will just work.

Specifically, if I have a link local address of fe80::/10. That's not going to be routable from the Internet. TCP is two-way traffic, so the servers need a return route to me. How is this accomplished with NAT?

I assume you are asking how it is accomplished _without_ NAT. You are confused about link local addresses. Those are not generally something you will be using. Your computers will get the first half of the IP address from the router and it will make up the last half by using your MAC or by random. All your computers will have unique public IP addresses. Since your computer already has a public IP address there is no need to translate it to something different by NAT.

NAT is necessary so the ISP can send traffic back to my summarized address. I don't understand how this works when they forbid NAT. Someone please kindly explain how that works.

You are assuming you only have one address. In fact you will have a minimum of 2^64 addresses. The ISP only needs the first 64 bit of the address to route it back to you. The last 64 bit is handled internally on your network. If you insist, you could say the first 64 bit is your "summarized address".

I had to google Sarbanes-Oxley compliance. Never heard of it before. Apparently it's some sort of irrelevant foreign legislation regarding accounting. How they managed to equate that to the hard technical limits like Y2K and IPv6 is beyond me.